What is GDPR?

GDPR stands for General Data Protection Regulation. It is a regulation in EU law on data protection and privacy for European citizens residing in the European Union. It has a global reach, with tough sanctions for non-compliance. It is about providing assurances and rights to EU citizens residing in the EU whose data is collected by businesses in order to deliver a service or product.

GDPR stands for General Data Protection Regulation

It evolved from the Data Protection Directive, which came out in 1995

Adopted in April 2016 with a two-year grace period, which means that compliance had to be in place by May 2018

Addresses the modern use of data

Respects the individual's right to their personal data

Cost of non-compliance

Major: €20 million or 4% of annual global revenue, whichever is higher

Minor: €10 million or 2% of annual global revenue, whichever is higher

GDPR Article 83 sets out the details

Parties involved

Data Controller: Entity collecting the data

Data Processor: Entity processing data on behalf of the Data Controller

Data Subject: Individual whose data is being collected by the Data Controller in order to provide a service

Data Protection Officer: Person responsible within an organization for ensuring that data protection controls and the necessary governance are in place

Data types

Personal Data – Any data from which an individual can be identified

IP Address

Email address

Address

etc.

Special categories of Personal Data

Date of birth

Religion

Gender

Personal lifestyle/affiliations

Genetic

Race

Ethnicity

Health, etc.

Rights of the Data Subject

Consent

Access

Deletion

Modification

Portability

Not to be subject to automated profiling

Breach notification

Data Processor: Immediately notify the Data Controller

Data Controller: Notify the authorities and the Data Subjects of the breach within 72 hours

How am I impacted?

If you are a business operating anywhere in the world and you collect information about EU citizens residing in the EU, then you have to comply with GDPR.